Apparatus and method for incorporating signature into electronic documents

ABSTRACT

“Embodiments relate to methods and apparatus for facilitating the protection from tampering of an electronic document to which an electronic signature is applied. In non-limiting examples, techniques may relate to the handling of document appearance data, dynamic signature biometric data, digital footprints data, pixel history data, and camera-acquired image data.”

FIELD OF THE INVENTION

The present invention is related to electronically signed documents.More particularly, the present invention is related to incorporatingsignature into electronic documents.

BACKGROUND OF THE INVENTION

In an era of electronic documentation and electronic handling ofdocuments, there is still knowledge and capability gap in efficientlyhandle paper documents that carry a legal signature. The “paperlessoffice” concept has been around for well over a decade. It has failed tomove from theory to reality, however, because of cultural reticence,unequal access to technology, and the lack of an adequate legal andservice infrastructure to support such a paradigm shift. At present,most large organizations such as banking institutes spend large sums ofmoney for handling of signed documents. The handling activities aremandatory by law since the legislation involved with digitalsignature—public key infrastructure PKI, has not yet determined in somesituations any practical means of creating fully electronic documentsthat allow their submission as authentic evidence in instates such ascourts, as an example.

Several attempts were made in order to allow incorporation of electronicsignatures into electronic documents. The production of an electronicsignature is already known in the art; however, incorporating thesignature in an electronic document is the problem to be solved. Anexample is disclosed in U.S. Pat. No. 5,689,567 “Electronic SignatureMethod and Apparatus” by Miyauchi. In another example taught in patentapplication published as WO03009217 “Electronic Signing of Documents” byWu et al., a method for a person to sign a document by use of anelectronic pen is introduced.

Another computer-based method for capturing and verifying a handwrittensignature is disclosed in U.S. Pat. No. 6,064,751 “Document andSignature Data Capture System and Method” by Smithies et al. and anidentity authentication system that can be used in commercialtransactions at a point-of-sale terminal is described in patentapplication published as WO03036861 “Security Access System” by Black.Another solution is described in patent application published asWO0223316 “Apparatus and Method for Acquiring Information and Producinga Signed Document” by Ornellas et al.

In neither of the available solutions, the person signing the documentby electronic means is not sure that his signature is used properly andhe signs on the document that he wishes to sign. In case a customerenters an organization such as a bank and need to sign a document, thefact that he has a private key container (like smart card) forsignature, or any other biometric means, he needs to be sure that whathe sees is what he signs.

The proposed solutions lack the security feature by which the digitalsignature becomes a part of the original document. Actually, theproposed solutions are not far from being scanned image of the signatureonce captured, can be cut and pasted onto any electronic document,making forgery a simple matter. There is a need to produce a digitizedsignature. Digital signatures are actual transformation of an electronicmessage using public key cryptography. Through this process, the digitalsignature is tied to the document being signed, as well as to thesigner, and therefore cannot be reproduced. Most importantly, digitallysigned electronic transactions should have the same legal weight astransactions signed in ink.

SUMMARY OF THE INVENTION

It is an object of the present invention to provide an electronic devicethat is a hardware device that is totally secured and protected againstmanipulation or error by means of programming.

It is another object of the present invention to an electronic devicethat is clear and plain evidence to the signer that his signaturebecomes a part of the original document. The principle of “What You SeeIs What You Sign” or WYSIWYS is achieved.

It is therefore provided in accordance with the present invention adevice for incorporating digital signature to within a documentcomprising:

-   -   screen adapted to display the document;    -   signature means electronically communicating with said screen        adapted to transfer an un-restorable digital signature to said        document;    -   at least one reader adapted to provide digital signature and        digitally sign the document;    -   interface port adapted to transfer the document from a computer        to the device and transfer a signed document back to the        computer;

whereby the document, which is generated on said computer, displayed onsaid screen is digitally signed and transferred with the embeddedun-restorable digital signature to said computer.

Furthermore in accordance with another preferred embodiment of thepresent invention, said signature means is selected from a group ofmeans such as electronic pen, biometric fingerprint, and other biometricdata.

Furthermore in accordance with another preferred embodiment of thepresent invention, said reader is selected of a group of readers such assmart card readers or reader for private key container like dongle

Furthermore in accordance with another preferred embodiment of thepresent invention, said signature means is an electronic pen that can bebased on technologies selected from a group of technologies such aslight detection, sound or ultrasound detection.

Furthermore in accordance with another preferred embodiment of thepresent invention, said screen is an LCD screen.

Furthermore in accordance with another preferred embodiment of thepresent invention, screen is a touch screen.

Furthermore in accordance with another preferred embodiment of thepresent invention, the device further comprises control button adaptedto allow interaction with the displayed document.

Furthermore in accordance with another preferred embodiment of thepresent invention, said screen is sized to an A4 document.

Furthermore in accordance with another preferred embodiment of thepresent invention, said at least one reader is incorporated within saiddevice.

Furthermore in accordance with another preferred embodiment of thepresent invention, said smart card reader is separated of said deviceand is electronically communicating with the device.

It is further provided in accordance with yet another preferredembodiment of the present invention, a method for incorporating digitalsignature to within a document comprising:

-   -   generating the document to be signed on a computer;    -   transferring the document to a device for incorporating digital        signature wherein said device comprising a screen, signature        means, and at least one smart card reader;    -   displaying the document on said screen;    -   digitally signing the document through said at least one card        readers;    -   applying a digital signature onto the document using said        signature means;    -   transferring the digitally signed document to the computer;    -   sealing the document so as to prevent restoration of said        digital document.

Furthermore in accordance with another preferred embodiment of thepresent invention, digitally signing the document is performed by a PKI.

Furthermore in accordance with another preferred embodiment of thepresent invention, the device further comprising applying changes ontothe document using an electronic pen.

Furthermore in accordance with another preferred embodiment of thepresent invention, the device further comprising applying a hash and adigital signature in a hexagonal format to said document for a printedversion of the document.

BRIEF DESCRIPTION OF THE DRAWINGS

An exemplary embodiment of the invention is described in the followingsection with respect to the drawings. The same reference numbers areused to designate the same or related features on different drawings.The drawings are generally not drawn to scale.

FIG. 1 illustrates a device for incorporating digital signature intoelectronic documents in accordance with a preferred embodiment of thepresent invention.

FIG. 2 illustrates a flowchart of a method for incorporating digitalsignature into electronic documents in accordance with a preferredembodiment of the present invention.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENT

The “paperless office” concept has been around for well over a decade.However, it has failed to move from theory to reality because ofcultural reticence, unequal access to technology, and the lack of anadequate legal and service infrastructure to support such a paradigmshift. The present invention provides a hardware device as well as amethod allowing a customer to see the document he is about to sign andthen sign the document with his own handwritten signature or any otherbiometric means that is identified solely with the person that signs thedocument even in multi-page documents. The digital signatures as well asany other handwritten or other changes that may be applied onto thedocument are immediately embedded into the graphics of the originaldocument in a way that prevents them from being separated from thedocument from that point on.

Later, the document is marked and sealed using the internationalstandard of public key infrastructure PKI, and is returned to thecomputer that generated the document in the first place. Since sealingthe document is being performed using a PKI, there is no means torestore the digital signature and copy it to another document. Thedigital signature that is being produced using the method of the presentinvention is an un-restorable signature that is intended to a singledocument. Similarly to a handwritten signature that a person signs on anoriginal hard-copy paper document.

In the present document, the expression “digital signature” representsany type of signature such as handwritten signature, fingerprintsignature, PKI signature, or any other means of private identification.

The following detailed description is of the best presently contemplatedmodes of carrying out the present invention. This description is not tobe taken in a limiting sense, but is made merely for the purpose ofillustrating the general principles in accordance with the presentinvention. The scope of the present invention is best defined by theappended claims.

Reference is now made to FIG. 1 illustrating a device for incorporatingdigital signature into electronic documents in accordance with apreferred embodiment of the present invention. Digital signatureincorporation device 10 is adapted to electronically communicate with acomputer 12. Device 10 can be installed as an external device tocomputer 12 using a USB connection, for example. Device 10 can beequipped with any type of input/output ports in order to allow efficientcommunication with computer 12 or any other marginal devices such asUSB, infrared, Bluetooth, wireless, cellular and so on.

Software 14 that is loaded onto computer 12 using software drivers orthrough an Internet connection is adapted to send a printout of adocument formed by any available and known in art means to device 10.Computer 12 is provided with supplementary software and hardware thatare adapted to handle the document before it is signed and after theprocedure is finished as known in the art. Therefore, computer 12 isadapted to form files as mentioned herein before and means adapted tostore the resultant document in an archive, save the document in apermanent folder or any alternative location, print a paper copy of thedocument or route the document to another program for further handling.

Device 10 comprises a screen 16 that is preferably an LCD screen. Screen16 can be preferably a touch screen or a regular one and is preferablysized to substantially correspond an A4 page size so that a documentthat is displayed onto the screen can be legibly read. It should benoted that any other size can be utilized in the device of the presentinvention.

Digital signature means is provided to device 10 so as to allow theperson or parties signing the document to sign the document using ahandwritten signature or any other biometric signature such asfingerprint, iris identification, photograph or the like.

Optionally, device 10 further comprises an electronic pen 18 that iselectronically connected to device 10. Electronic pen 18 can be based onany technology known in the art or any other technology such as lightdetection, sound/ultrasound detection, etc. Optionally, other biometricdevices can be implemented with the device and by no means limit thescope of the present invention.

At least one, but preferably two smart card readers 20 are provided todevice 10. It should be noticed that other readers or controllers ofprivate key container, like dongle can be used without limiting thescope of the present invention. Card readers 20 can be incorporated inthe device as shown in FIG. 1 or can be separate devices that are beingelectronically communicating with the device in a manner known in theart. Smart card readers 20 are adapted to encrypt the document hashstring using a private key that is stored in the smart card or any otherprivate key container.

Control buttons 22 are provided within device 10 so as to allowinteractive operations to be performed by the users on the document suchas browsing a document. Optionally, control buttons can be virtuallydisplayed preferably on the margins of LCD screen 16.

The device for incorporating a digital signature of the presentinvention is to be used using a preferred method in which two partiesare about to sign a document, while one of the parties has a computerincorporated with the device of the present invention, in a preferablecase, the organization, and the other party has only his own private keycontainer, or will use his biometric parameters to sign the document.Exemplary parties that can use the method of the present invention are abank and the bank's customer or two parties in a lawyer's office.

Reference is now made to FIG. 2 illustrating a flowchart of a method forincorporating digital signature into electronic documents in accordancewith a preferred embodiment of the present invention. As an example, aprocedure taken place in a bank between a bank representative (bankteller) and a customer. Using the software of the bank's computer, theteller is sending a printing command to print a certain originaldocument 102 onto the device for incorporating a digital signature usinga PC interface 100. As the document is being transferred to the device,a time stamp and device ID 104 are added to the document and then it isdigitally signed 108 by the teller's private key, the devices privatekey 106.

The customer can see now the original document displayed on the LCDscreen of the device 110. In this stage, the original document is signedwith the PKI signature and preferably also with the date and time aswell as some identification of the device itself and tiller.

The customer as well as the teller can browse the document displayedonto the screen using actual or virtual buttons. If several pages aredisplayed, the users can browse through the pages or zoom in/zoom out ina certain location of the document. Using an electronic pen 112, thecustomer can sign the displayed document or enter changes he wishes tothe document. The changes or the signature are displayed immediately onthe LCD displayed document in the appropriate place where the customerwishes to insert them. Moreover, the changes or digital signature isbeing embedded to within the document's graphic file. Preferably, thechanges or the digital signature is also recorded in a non-readableappendix section of the file that is created that includes biometricdata generated by the signer's hand movement 114. The output file 116comprises a graphic document that includes an original document;handwritten changes and/or signature added onto the document;“authentication stamp” that may include details such as name of theorganization, branch and representative, exact time and date of lastchange performed on the document, unique identification of the device,and name and ID of the signing customer. Part of the information ispreferably extracted from the smart cards through the card readers.

Optionally and as mentioned herein before, the customer can sign thedocument using digital signature means other than handwritten signature.The digital means can be any biometric means such as fingerprintcapturing device.

The output file will comprise also a non-readable section that isencrypted using the private keys of the device, The non-readable section118 can include among others, the biometric data recorded during signingthe document, a time stamp of every change or signature 120, theinformation of the teller's public key and the customer's private key122.

Now, the final signed and changed document is hashed using MD4, MD5 orany other hashing algorithm, and the hash is encrypted 124 using theprivate key of the device, the tiller and the customer if he has his ownprivate key. It should be emphasized that there is no possibility usingthe method of the present invention as described herein to crack thedigital signature of the customer from the signed document, and torestore it in order to sign with this signature other documents.

After the document has been signed, it is accepted 126 and sent back tothe computer 128 preferably through the originating port or theoriginating program. The originating program or an add-on utility thatcan be supplied by with the device, is adapted to handle the file eitherautomatically according to present configuration or particular operatordecision per document, all configurable.

After the document had been sent to the computer and the procedure isfinished, the device is being cleared and cleaned so that no stored dataor signatures are being preserved in the device.

The private key of the device does not have a public key. Instead, ithas an additional private key that is kept at the certificationauthority CA as known in the art. The signature's biometric parameterscan only be accessed and compared with the graphic data in the documentvia a web application or any other application located at the CA.

The method of the present invention provides a very simple means toensure that the document is signed by the signer, and/or to compare twosignatures from two different documents, using known algorithms.

A special application will be used to print a copy of the document to bekept by the customer, In the printed data, the hash and the tillersignature will be represented in Hexadecimal format, or as a barcode(preferably 2D barcode), or any other way that enable automatic reading.This will enables the customer to verify the signature using the Webapplication or any other type of application, by reading the hash andthe signature, applying the tiller public key on the signature andcomparing the output with the hash. The representation also serves as anID of the document that the organization can present to the customerwhen required. This will protect the customer against intentional orunintentional destruction of his/hers document by the organization. Thecustomer can claim that he have an original document established by theorganization. The sole entity that can generate this pair of hash andsignature is the organization.

While the invention has been described with reference to certainexemplary embodiments, various modifications will be readily apparent toand may be readily accomplished by persons skilled in the art withoutdeparting from the spirit and scope of the above teachings.

It should be understood that features and/or steps described withrespect to one embodiment may be used with other embodiments and thatnot all embodiments of the invention have all of the features and/orsteps shown in a particular figure or described with respect to one ofthe embodiments. Variations of embodiments described will occur topersons of the art.

It is noted that some of the above described embodiments may describethe best mode contemplated by the inventors and therefore includestructure, acts or details of structures and acts that may not beessential to the invention and which are described as examples.Structure and acts described herein are replaceable by equivalents whichperform the same function, even if the structure or acts are different,as known in the art. Therefore, the scope of the invention is limitedonly by the elements and limitations as used in the claims. The terms“comprise”, “include” and their conjugates as used herein mean “includebut are not necessarily limited to”.

1. A device for incorporating digital signature to within a documentcomprising: screen adapted to display the document; signature meanselectronically communicating with said screen adapted to transfer anun-restorable digital signature to said document; at least one readeradapted to provide digital signature and digitally sign the document;interface port adapted to transfer the document from a computer to thedevice and transfer a signed document back to the computer; whereby thedocument, which is generated on said computer, displayed on said screenis digitally signed and transferred with the embedded un-restorabledigital signature to said computer.
 2. The device as claimed in claim 1,wherein said signature means is selected from a group of means such aselectronic pen, biometric fingerprint, and other biometric data.
 3. Thedevice as claimed in claim 1, wherein said reader is selected of a groupof readers such as smart card readers or reader for private keycontainer like dongle
 4. The device as claimed in claim 1, wherein saidsignature means is an electronic pen that can be based on technologiesselected from a group of technologies such as light detection, sound orultrasound detection.
 5. The device as claimed in claim 1, wherein saidscreen is an LCD screen.
 6. The device as claimed in claim 1, whereinscreen is a touch screen.
 7. The device as claimed in claim 1, whereinthe device further comprises control button adapted to allow interactionwith the displayed document.
 8. The device as claimed in claim 1,wherein said screen is sized to an A4 document.
 9. The device as claimedin claim 1, wherein said at least one reader is incorporated within saiddevice.
 10. The device as claimed in claim 1, wherein said smart cardreader is separated of said device and is electronically communicatingwith the device.
 11. A method for incorporating digital signature towithin a document comprising: generating the document to be signed on acomputer; transferring the document to a device for incorporatingdigital signature wherein said device comprising a screen, signaturemeans, and at least one smart card reader; displaying the document onsaid screen; digitally signing the document through said at least onecard readers; applying a digital signature onto the document using saidsignature means; transferring the digitally signed document to thecomputer; sealing the document so as to prevent restoration of saiddigital document.